Re: [PATCH v2 2/5] binder: Make shrinker rely solely on per-VMA lock

Next message: Lyude Paul: "[PATCH v21 3/4] rust: faux: Allow retrieving a bound Device"
Previous message: Ahmed S. Darwish: "Re: [PATCH v7 013/120] x86/cpu: Use parsed CPUID(0x80000000)"
In reply to: Dave Hansen: "Re: [PATCH v2 2/5] binder: Make shrinker rely solely on per-VMA lock"
Next in thread: Carlos Llamas: "Re: [PATCH v2 2/5] binder: Make shrinker rely solely on per-VMA lock"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Alice Ryhl

Date: Fri Jun 12 2026 - 15:50:29 EST

On Fri, Jun 12, 2026 at 11:47:59AM -0700, Dave Hansen wrote:
> On 6/12/26 10:44, Suren Baghdasaryan wrote:
> >> It's not impossible, but I do think it is irrelevant. Or at least that
> >> the *VMA* is irrelevant in this case. binder_alloc_is_mapped()==false
> >> means that the binder VMA is gone. It's not in the maple tree, and it's
> >> not coming back. If a VMA is found, it's an impostor.
> > Right, but before your change we were bailing out early. With your
> > change we would be generating the traces and freeing the page. I think
> > that's a functional change. Was that your intention?
>
> Yeah, it was intentional.
>
> I think the existing behavior is buggy. It also complicates the goal of
> removing the mmap lock fallback. I've broken that behavior change out
> into a separate patch. (attached here)

I think you can just:

1. do a lock_vma_under_rcu().
2. if it fails, check binder_alloc_is_mapped().
3. if still mapped, return LRU_SKIP, otherwise behave like a failed
vma_lookup() does today under the mmap read lock.

Or you can even skip steps 2 and 3 and treat failed lock_vma_under_rcu()
as LRU_SKIP because processes that unmap their Binder vma without
immediately closing the fd (freeing all the pages) does not really exist
in practice.

Alice